Your Guide To All Things Cain™

Push SSH public keys to multiple hosts

I’m starting a new job where I need to have my SSH keys pushed to hundreds of Red Hat servers. The special sauce is a command called ssh-copy-id. However, using this command requires you to answer a (yes/no) question and then, shortly thereafter, enter your password. Painful. Here’s how to push your keys without the pain.

The first problem is having to answer (yes/no) for each server. Normally you see this…

The authenticity of host 'myfirsthost.work.cainmanor.com (10.256.33.106)' can't be established.
RSA key fingerprint is fc:40:7c:de:b8:ac:a2:f5:d4:11:d0:0e:b2:77:8a:63.
Are you sure you want to continue connecting (yes/no)? yes

To stop this prompt, we need to edit your ~/.ssh/config file. Add these two lines:

StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

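Setting StrictHostKeyChecking to no and pointing UserKnownHostsFile at /dev/null should only be a temporary fix: with both in place, ssh neither verifies nor remembers host keys, so it cannot tell you when a host is not the one you expect. After you’ve pushed your keys, you should comment out both of those settings.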

Your password is the next problem. We can solve that with sshpass. sshpass takes your password and passes it on when ssh asks for it. There are three ways to do it, all of them insecure. Read the man page and decide which of those you want to use. For my purposes I just put it on the command line – I’m on my personal machine with no other users, and only I know the passwords to the box. Don’t do this on a shared server.

Here is an example of how to push your public key to one host. Try it on a new server to make sure you get the results you expect.

sshpass -p'MY_PASSWORD' ssh-copy-id gregc@new_host_with_no_keys

Now that we’ve got the prompts turned off, we’ll wrap a script around this. How you get the list of appropriate hostnames or IPs is your business.
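
One way to write such a wrapper, as an added example that is not the author's script. It assumes a host list file with one hostname or IP per line and an ssh-copy-id that accepts -o; the names push_keys and FAILED are made up for this example, and it uses sshpass's -e (environment variable) mode rather than -p.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the host list has
# one hostname or IP per line, and the local ssh-copy-id accepts -o.

FAILED=""   # space-separated hosts where the push did not succeed

push_keys() {   # usage: push_keys USER HOSTFILE   (password in $SSHPASS)
    FAILED=""
    # Read the list on fd 3: ssh reads stdin and would otherwise swallow the
    # remaining hostnames after the first connection.
    while read -r host rest <&3 || [ -n "$host" ]; do
        host=${host%%#*}                 # drop comments
        [ -z "$host" ] && continue       # skip blank lines
        # Accept only plain hostnames/IPs, so a line starting with "-" can
        # never reach ssh as an option.
        case $host in
            -*|*[!A-Za-z0-9._:-]*) FAILED="$FAILED $host"; continue ;;
        esac
        # sshpass -e reads the password from $SSHPASS, keeping it out of the
        # process list. The -o options are the post's two settings, scoped to
        # this command so ~/.ssh/config stays untouched.
        sshpass -e ssh-copy-id \
            -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
            "$1@$host" </dev/null >/dev/null 2>&1 || FAILED="$FAILED $host"
    done 3<"$2"
    [ -z "$FAILED" ]    # succeed only if every host took the key
}

# Stand-alone use: sh push_keys.sh gregc hosts.txt
if [ "$#" -eq 2 ]; then
    if [ -z "${SSHPASS:-}" ]; then
        printf 'Password: ' >&2
        stty -echo; IFS= read -r SSHPASS; stty echo; echo >&2
    fi
    export SSHPASS
    push_keys "$1" "$2" || { echo "failed:$FAILED" >&2; exit 1; }
fi
```

Hosts that reject the password or are unreachable end up in FAILED, so the run can be repeated against just those.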